# VS Code + Gemini Code Assist ## Prerequisites Before setting up MVS, ensure the following: #### VS Code * [Download latest VS Code](https://code.visualstudio.com/download) #### Gemini Code Assist VS Code Extension * **Install the Gemini Code Assist extension** from the VS Code Marketplace ([Link](https://marketplace.visualstudio.com/items?itemName=Google.geminicodeassist)) #### Node.js Ensure **Node.js v18.20 or later** is installed. The Mobb MCP server uses `npx` and requires a modern Node.js runtime. ```bash node --version ``` If not installed or outdated, install via [nodejs.org](https://nodejs.org/). ### Step 1. Configure Mobb MCP Server You can configure the MCP server either **per workspace** or **globally**. #### Option A: Workspace-Level (`.gemini/settings.json`) 1. In your project root, create `.gemini/settings.json`: ```json { "mcpServers": { "mobb-mcp": { "type": "stdio", "command": "npx", "args": ["--yes", "mobbdev@latest", "mcp"], "env": { } } } } ``` This file can be committed to your repo and shared across your team. {% hint style="success" %} For single-tenant users, ensure you add the variables `API_URL` and `WEB_APP_URL` in the `env` section. Furthermore, `TOOLS_ENABLED` allows you to specify which [modes](/mobb-user-docs/getting-started/mobb-vibe-shield-mvs.md#modes) are allowed: For example: ```json { "mcpServers": { "mobb-mcp": { "type": "stdio", "command": "npx", "args": ["--yes", "mobbdev@latest", "mcp"], "env": { "API_URL": "https://api-st-.mobb.ai/v1/graphql", "WEB_APP_URL": "https://.mobb.ai", "TOOLS_ENABLED": ["fetch_available_fixes"] } } } } ``` {% endhint %} *** #### Option B: Global Configuration 1. Open your Gemini settings JSON file, located at `~/.gemini/settings.json` where `~` is your home directory (Mac/Linux) or `%USERPROFILE%\.gemini\settings.json` (Windows) 2. Add or update the MCP configuration as follows: ```json { "mcpServers": { "mobb-mcp": { "type": "stdio", "command": "npx", "args": ["--yes", "mobbdev@latest", "mcp"], "env": { } } } } ``` This allows you to reuse the same setup across all projects. {% hint style="success" %} For single-tenant users, ensure you add the variables `API_URL` and `WEB_APP_URL` in the `env` section. Furthermore, `TOOLS_ENABLED` allows you to specify which [modes](/mobb-user-docs/getting-started/mobb-vibe-shield-mvs.md#modes) are allowed: For example: ```json { "mcpServers": { "mobb-mcp": { "type": "stdio", "command": "npx", "args": ["--yes", "mobbdev@latest", "mcp"], "env": { "API_URL": "https://api-st-.mobb.ai/v1/graphql", "WEB_APP_URL": "https://.mobb.ai", "TOOLS_ENABLED": ["fetch_available_fixes"] } } } } ``` {% endhint %} ### Step 2. Restart VS Code After configuring the MCP server, restart VS Code to load the new configuration: 1. Close and reopen VS Code completely, or 2. Reload VS Code * Open Command Palette (`Ctrl+Shift+P` or `Cmd+Shift+P`) * Run `Developer: Reload Window` ### Step 3. Verify Mobb MCP Integration 1. Open Gemini from the left navigation panel in VS Code 2. Toggle **agent mode** **on** in the Gemini chat window 3. Type `/tools` to see if Mobb tools are available 4. Type `/mcp` to see if Mobb MCP server is detected If the configuration is successful, you'll see `mobb-mcp` tools available (such as `scan_and_fix_vulnerabilities`, `fetch_available_fixes`, and `check_for_new_available_fixes`).
### Step 4. Use Mobb with Gemini Code Assist 1. Ensure **Agent Mode** is active. Then in the Gemini Code Assist chat, type: 2. ``` Scan and fix my code using Mobb ``` 3. Gemini will automatically use the Mobb tools when appropriate 4. On first-time setup, MVS will open a browser window to connect to the Mobb platform. You will be prompted to log in and authorize the IDE integration. ## Deploying a Rulebook for Automated Security Scanning and Fixing To ensure comprehensive security coverage in your development workflow, you should deploy a security-focused rulebook that mandates Mobb vulnerability scanning and fixing after every code change. In VS Code with Gemini Code Assist, this can be done by adding a file named `.gemini/GEMINI.md` at the root of your project or repository: {% file src="/files/dlZsH9sc8oVKgc4UiWrq" %} This rulebook enforces a **mandatory security rule** that requires: * **Automatic Mobb scanning and fixing** after implementing any new features or making code changes * **Local fix rule creation** for every vulnerability type discovered by Mobb * **Vulnerability prevention** by building a library of security fix rules specific to your codebase This security-first approach transforms your development workflow into a **continuous security hardening process**, where each vulnerability discovered becomes a permanent protection rule for future development. ### Troubleshooting * Validate `node` is available in the terminal by running `node --version` * Check `.gemini/settings.json` for syntax or command errors * Ensure Gemini Code Assist extension is properly installed and configured * Verify that you're in agent mode when trying to use Mobb tools * After you make changes to the MCP settings, you may need to restart VS Code * For Gemini Code Assist specific issues, check the [Google Cloud Code Assist Agent Mode Guide](https://developers.google.com/gemini-code-assist/docs/use-agentic-chat-pair-programmer) --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.mobb.ai/mobb-user-docs/getting-started/mobb-vibe-shield-mvs/vs-code-+-gemini-code-assist.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.